CrewAI A.I CyberSecurity Scoring
CrewAI
Company Information
Website:https://crewai.com
Employees number:52
Number of followers:91,705
NAICS:5112
Industry Type:Software Development
Homepage:crewai.com
CrewAI Risk Score (AI oriented)
Between 750 and 799
CrewAISoftware Development
Updated:
05/04/2026
05/04/2026
750/1000
Fair
Baa
CrewAI Global Score (TPRM)
xxxx
CrewAISoftware Development
Score locked

CrewAIFair
Current Score
750Baa (FAIR)
01000
1 incidents
-2 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
750
JUNE 2026
750
MAY 2026
750
APRIL 2026
752
Vulnerability
31 Mar 2026 • CrewAI
CrewAI: CrewAI Vulnerabilities Expose Devices to Hacking
Critical Vulnerabilities in CrewAI Framework Enable Remote Code Execution and Data Theft
750
CRITICAL-2
CRE1774967753
Critical Vulnerabilities in CrewAI Framework Enable Remote Code Execution and Data Theft
Security researcher Yarden Porat of Cyata has uncovered four critical vulnerabilities in CrewAI, an open-source Python-based framework for multi-agent AI orchestration. If chained together, these flaws could allow threat actors to execute arbitrary code, access sensitive files, and steal credentials from affected systems.
The vulnerabilities CVE-2026-2275, CVE-2026-2286, CVE-2026-2287, and CVE-2026-2285 stem from improper configurations and insecure fallback mechanisms in the Code Interpreter tool, which enables Python code execution within a Docker container. The first flaw (CVE-2026-2275) occurs when the tool defaults to an insecure SandboxPython environment if Docker is unavailable, allowing arbitrary C function calls if code execution is enabled in the agent’s configuration.
Exploiting this flaw can trigger the remaining vulnerabilities:
- CVE-2026-2286: A server-side request forgery (SSRF) bug in RAG search tools, enabling attackers to access internal and cloud services due to improper URL validation.
- CVE-2026-2287: A remote code execution (RCE) risk caused by CrewAI failing to verify Docker’s runtime status, falling back to an insecure sandbox.
- CVE-2026-2285: An arbitrary file read issue in the JSON loader tool, allowing unauthorized access to local files due to unvalidated file paths.
Attackers could exploit these flaws through direct or indirect prompt injections, bypassing sandbox protections to execute code on the host machine or exfiltrate data. While no official patch has been released, CrewAI’s maintainers are developing mitigations, including blocking vulnerable modules, enforcing fail-closed configurations, and updating security documentation.
Temporary workarounds include disabling the Code Interpreter tool, restricting code execution flags, and applying input sanitization to limit exposure. The vulnerabilities highlight risks in AI agent frameworks, particularly when handling untrusted input.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
752
FEBRUARY 2026
752
JANUARY 2026
752
DECEMBER 2025
752
NOVEMBER 2025
752
OCTOBER 2025
752
SEPTEMBER 2025
752
AUGUST 2025
752
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CrewAI ??
What was CrewAI's A.I Rankiteo Cyber Score in June 2026 ??
What was CrewAI's A.I Rankiteo Cyber Score in May 2026 ??
What was CrewAI's A.I Rankiteo Cyber Score in April 2026 ??
What was CrewAI's A.I Rankiteo Cyber Score in March 2026 ??
What was CrewAI's A.I Rankiteo Cyber Score in February 2026 ??
What was CrewAI's A.I Rankiteo Cyber Score in January 2026 ??
What was CrewAI's A.I Rankiteo Cyber Score in December 2025 ??
What was CrewAI's A.I Rankiteo Cyber Score in November 2025 ??
What was CrewAI's A.I Rankiteo Cyber Score in October 2025 ??
What was CrewAI's A.I Rankiteo Cyber Score in September 2025 ??
What was CrewAI's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CrewAI's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CrewAI ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CrewAI's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?